[sf-lug] Ransomware threat to Linux servers
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Tue Nov 10 00:33:50 PST 2020
> From: "Bobbie Sellers" <bliss-sf4ever at dslextreme.com>
> Subject: [sf-lug] Ransomware threat to Linux servers
> Date: Mon, 9 Nov 2020 12:15:42 -0800
> Note that keeping your security up-to-date is the best defense.
>
> Linux version of RansomEXX ransomware discovered
>
> This marks the first time a major Windows ransomware strain has
> been ported to Linux to aid hackers in their targeted intrusions.
>
> <https://www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/>
Mostly nothin' to see here.
Oooh, folks can do bad stuff to your systems after they've
already broken security and gained unrestricted superuser (root)
access on the hosts. And ... this is news how?
Someone ported software from Microsoft Windows to
Linux - hardly news. Someone ported such software
to make a mess of things after they've already gained
access to make a mess of things - also not exactly news.
A lot of overblown "security reports" in the "news" are much more
hype than substance ... often because some "security company" put
out some press release (there's generally a major conflict of interest
inherent there - scare lots more folks/companies about "security",
sell lots more "security" software), and maybe someone came up with
a slick name for it, and someone came up with some web site for it
and some slick graphic(s)/icon/logo (a.k.a. marketing).
Well, news for y'all, the really bad stuff doesn't need
a dedicated web site, slick logo(s)/graphic(s), marketing,
nor a press release from some "security" company, nor a bunch
of "news"/media organizations parroting same.
The particularly bad stuff has serious to grave exploitability,
typically a significant to huge installed base, and significant
to huge exposure. It's typically covered in security
advisories/notifications from reputable sources, e.g. software
vendors giving security notifications/announcements to
update/patch the software (and/or apply work-arounds) to
close (or at least mitigate) the vulnerability(/ies),
particularly when they also emphasize the severity of the
risk, and reputable entities also cover the issue and give the
risk rather high to very high risk ratings, and may even put out their
own announcements regarding the criticality of the risk - often
too when exploits/attacks are known or expected soon/imminently
to be seen in the wild.